I am receiving all posts, but if I try to log to the list and I say that I forgot the password, I get the answer that this e-mail is not connected to any account!!! That of course is not possible
On Thu, 2016-10-20 at 17:56 +0200, antonio montagnani wrote:
I am receiving all posts, but if I try to log to the list and I say that I forgot the password, I get the answer that this e-mail is not connected to any account!!! That of course is not possible
It's possible if you are receiving the list through a different address, perhaps via a forwarding mechanism. Check the headers on list messages to see how they are getting to you.
poc
On Thu, Oct 20, 2016 at 12:56 PM, antonio montagnani < antonio.montagnani@alice.it> wrote:
I am receiving all posts, but if I try to log to the list and I say that I forgot the password, I get the answer that this e-mail is not connected to any account!!! That of course is not possible
This is a mailing list, not a web-based forum. There is nothing to log-in to. To send messages you write a new e-mail to the list address and everyone subscribed gets it into their inboxes.
Some services like Google Groups and Yahoo groups host discussion groups which can be accessed like a traditional mailing list and also as a web based forum (in other words reading and writing new messages from its web interface).
But AFAIK this is a traditional style mailing list . FC
On Thu, 2016-10-20 at 13:29 -0300, Fernando Cassia wrote:
On Thu, Oct 20, 2016 at 12:56 PM, antonio montagnani < antonio.montagnani@alice.it> wrote:
I am receiving all posts, but if I try to log to the list and I say that I forgot the password, I get the answer that this e-mail is not connected to any account!!! That of course is not possible
This is a mailing list, not a web-based forum. There is nothing to log-in to. To send messages you write a new e-mail to the list address and everyone subscribed gets it into their inboxes.
Some services like Google Groups and Yahoo groups host discussion groups which can be accessed like a traditional mailing list and also as a web based forum (in other words reading and writing new messages from its web interface).
But AFAIK this is a traditional style mailing list .
Yes, but the web-based archive system changed a few months ago, (to something that is IMHO markedly worse than what it used to be) and that does require a login.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
BTW, why doesn't the message footer give the list URL as it used to?
poc
I am happy that you don't need to reed archives and/or modify your account/profile. Count to ten before writing
Antonio Montagnani
Linux Fedora 24 (Workstation) inviato da Gmail
2016-10-20 18:29 GMT+02:00 Fernando Cassia fcassia@gmail.com:
On Thu, Oct 20, 2016 at 12:56 PM, antonio montagnani < antonio.montagnani@alice.it> wrote:
I am receiving all posts, but if I try to log to the list and I say that I forgot the password, I get the answer that this e-mail is not connected to any account!!! That of course is not possible
This is a mailing list, not a web-based forum. There is nothing to log-in to. To send messages you write a new e-mail to the list address and everyone subscribed gets it into their inboxes.
Some services like Google Groups and Yahoo groups host discussion groups which can be accessed like a traditional mailing list and also as a web based forum (in other words reading and writing new messages from its web interface).
But AFAIK this is a traditional style mailing list . FC
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
Patrick O'Callaghan ha scritto il 20/10/2016 alle 18:45:
On Thu, 2016-10-20 at 13:29 -0300, Fernando Cassia wrote:
On Thu, Oct 20, 2016 at 12:56 PM, antonio montagnani < antonio.montagnani@alice.it> wrote:
I am receiving all posts, but if I try to log to the list and I say that I forgot the password, I get the answer that this e-mail is not connected to any account!!! That of course is not possible
This is a mailing list, not a web-based forum. There is nothing to log-in to. To send messages you write a new e-mail to the list address and everyone subscribed gets it into their inboxes.
Some services like Google Groups and Yahoo groups host discussion groups which can be accessed like a traditional mailing list and also as a web based forum (in other words reading and writing new messages from its web interface).
But AFAIK this is a traditional style mailing list .
Yes, but the web-based archive system changed a few months ago, (to something that is IMHO markedly worse than what it used to be) and that does require a login.
in the previous interface I could log in by e-mail address and password, and now ?? I don't have any user account....or if I had one I have no idea how to recover it
On Thu, 20 Oct 2016 19:01:35 +0200 antonio montagnani antonio.montagnani@alice.it wrote:
in the previous interface I could log in by e-mail address and password, and now ?? I don't have any user account....or if I had one I have no idea how to recover it
Unlike mailman 2, mailman 3 (which we now use for all Fedora lists), has no local accounts or passwords. (aside from a few added when we were using persona) You instead manage your lists by logging in using some existing account and then attaching whatever email addresses you use to that account.
Currently, you can login via any of the providers listed here: https://lists.fedoraproject.org/accounts/login/ yahoo, generic openid, google, fedora, twitter, github, gitlab, facebook, stack exchange.
So, what you should do is go to:
https://lists.fedoraproject.org/admin/
and click on 'login' in the top right.
Choose a login method. Login via that account.
Once you are logged in, go to 'my settings' and 'profile' and add email address. Add your existing email address. You will get a email with a confirm link in it, once you click on that that email will be attached to your account and you can subscribe/change prefs for it as much as you like. If you are using a google email address and sign in with google, it should automatically attach that email address, so you won't need to do that part.
kevin
On Thu, Oct 20, 2016 at 1:58 PM, Antonio M antonio.montagnani@gmail.com wrote:
I am happy that you don't need to reed archives
Whaat exactly do you mean by "reed" archives?
reed *noun* plural noun:
*reeds* - *1*. a tall, slender-leaved plant of the grass family that grows in water or on marshy ground.
- used in names of plants similar to reeds, growing in wet habitats, e.g., *bur reed*. - the tall, thin, straight stalk of a reed, used especially as material for thatching. - reeds growing in a mass or used as material, especially for making thatch or household items. "a reed curtain" - literary a rustic musical pipe made from a reed or from straw.
*2*. a thing or person resembling or likened to a reed, in particular.
;-)
Count to ten before writing Antonio Montagnani
The pot calling the kettle black?
This list runs on Mailman. Mailman as sucj -unless configured differently- takes e-mail commands via emails to the address {listname}-request
as specified in http://www.list.org/mailman-member/node10.html
http://www.list.org/mailman-member/node41.html#a:commands http://www.list.org/mailman-member/node42.html
You're welcome. FC
reed means just a mistyping for read....not difficult to understand.
Antonio Montagnani
Linux Fedora 24 (Workstation) inviato da Gmail
2016-10-20 21:19 GMT+02:00 Fernando Cassia fcassia@gmail.com:
On Thu, Oct 20, 2016 at 1:58 PM, Antonio M antonio.montagnani@gmail.com wrote:
I am happy that you don't need to reed archives
Whaat exactly do you mean by "reed" archives?
reed *noun* plural noun:
*reeds*
- *1*.
a tall, slender-leaved plant of the grass family that grows in water or on marshy ground.
- used in names of plants similar to reeds, growing in wet habitats,
e.g., *bur reed*.
- the tall, thin, straight stalk of a reed, used especially as
material for thatching.
- reeds growing in a mass or used as material, especially for making
thatch or household items. "a reed curtain"
- literary
a rustic musical pipe made from a reed or from straw.
*2*. a thing or person resembling or likened to a reed, in particular.
;-)
Count to ten before writing Antonio Montagnani
The pot calling the kettle black?
This list runs on Mailman. Mailman as sucj -unless configured differently- takes e-mail commands via emails to the address {listname}-request
as specified in http://www.list.org/mailman-member/node10.html
http://www.list.org/mailman-member/node41.html#a:commands http://www.list.org/mailman-member/node42.html
You're welcome. FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario
- George Orwell
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
Tnx Kevin for your kindness. Your e-mail was very clear so now everything is o.k.
Antonio Montagnani
Linux Fedora 24 (Workstation) inviato da Gmail
2016-10-20 21:03 GMT+02:00 Kevin Fenzi kevin@scrye.com:
On Thu, 20 Oct 2016 19:01:35 +0200 antonio montagnani antonio.montagnani@alice.it wrote:
in the previous interface I could log in by e-mail address and password, and now ?? I don't have any user account....or if I had one I have no idea how to recover it
Unlike mailman 2, mailman 3 (which we now use for all Fedora lists), has no local accounts or passwords. (aside from a few added when we were using persona) You instead manage your lists by logging in using some existing account and then attaching whatever email addresses you use to that account.
Currently, you can login via any of the providers listed here: https://lists.fedoraproject.org/accounts/login/ yahoo, generic openid, google, fedora, twitter, github, gitlab, facebook, stack exchange.
So, what you should do is go to:
https://lists.fedoraproject.org/admin/
and click on 'login' in the top right.
Choose a login method. Login via that account.
Once you are logged in, go to 'my settings' and 'profile' and add email address. Add your existing email address. You will get a email with a confirm link in it, once you click on that that email will be attached to your account and you can subscribe/change prefs for it as much as you like. If you are using a google email address and sign in with google, it should automatically attach that email address, so you won't need to do that part.
kevin
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On Thu, 20 Oct 2016 13:03:23 -0600 Kevin Fenzi kevin@scrye.com wrote:
Unlike mailman 2, mailman 3 (which we now use for all Fedora lists), has no local accounts or passwords. (aside from a few added when we were using persona) You instead manage your lists by logging in using some existing account and then attaching whatever email addresses you use to that account.
Currently, you can login via any of the providers listed here: https://lists.fedoraproject.org/accounts/login/ yahoo, generic openid, google, fedora, twitter, github, gitlab, facebook, stack exchange.
I've been thinking about this. It seems like security is being traded off for convenience. If a breach of security occurs (like the yahoo breach), it means that multiple accounts are now compromised. I can see where it becomes easier to administer since the responsibility for administration is now someone else's responsibility.
Am I missing something?
On Thu, Oct 20, 2016 at 04:25:23PM -0700, stan wrote:
Currently, you can login via any of the providers listed here: https://lists.fedoraproject.org/accounts/login/ yahoo, generic openid, google, fedora, twitter, github, gitlab, facebook, stack exchange.
I've been thinking about this. It seems like security is being traded off for convenience. If a breach of security occurs (like the yahoo breach), it means that multiple accounts are now compromised. I can see where it becomes easier to administer since the responsibility for administration is now someone else's responsibility.
Am I missing something?
Well, mailman2 passwords were always kind of a joke anyway, since you could reset it with your email address; if you're subscribed with a yahoo account and your yahoo password is compromised, they could log in.
But beyond that, security is relative to risk, and related to that, consequences of failure. What are the consequences here?
On 10/20/2016 04:25 PM, stan wrote:
On Thu, 20 Oct 2016 13:03:23 -0600 Kevin Fenzi kevin@scrye.com wrote:
Unlike mailman 2, mailman 3 (which we now use for all Fedora lists), has no local accounts or passwords. (aside from a few added when we were using persona) You instead manage your lists by logging in using some existing account and then attaching whatever email addresses you use to that account.
Currently, you can login via any of the providers listed here: https://lists.fedoraproject.org/accounts/login/ yahoo, generic openid, google, fedora, twitter, github, gitlab, facebook, stack exchange.
I've been thinking about this. It seems like security is being traded off for convenience. If a breach of security occurs (like the yahoo breach), it means that multiple accounts are now compromised. I can see where it becomes easier to administer since the responsibility for administration is now someone else's responsibility.
Am I missing something?
Not to my mind. SSO (single sign on) is, IMHO, a really bad thing. Yes, it's easier to administer because the authentication is being handled by someone else and you "don't have to be bothered". However, now your security is now ENTIRELY dependent on the security of that provider. If they're breached, YOU'RE breached. Relying on someone else to provide your security is, again IMHO, a truly idiotic thing to do. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Whoever said "Money can't buy happiness" obviously never had any - - money! - ----------------------------------------------------------------------
On Thu, Oct 20, 2016 at 05:01:06PM -0700, Rick Stevens wrote:
Not to my mind. SSO (single sign on) is, IMHO, a really bad thing. Yes, it's easier to administer because the authentication is being handled by someone else and you "don't have to be bothered". However, now your security is now ENTIRELY dependent on the security of that provider. If they're breached, YOU'RE breached. Relying on someone else to provide your security is, again IMHO, a truly idiotic thing to do.
Note that with the options provided, you could use your *own* open identity provider.
On Thu, 20 Oct 2016 19:32:42 -0400 Matthew Miller mattdm@fedoraproject.org wrote:
On Thu, Oct 20, 2016 at 04:25:23PM -0700, stan wrote:
Currently, you can login via any of the providers listed here: https://lists.fedoraproject.org/accounts/login/ yahoo, generic openid, google, fedora, twitter, github, gitlab, facebook, stack exchange.
I've been thinking about this. It seems like security is being traded off for convenience. If a breach of security occurs (like the yahoo breach), it means that multiple accounts are now compromised. I can see where it becomes easier to administer since the responsibility for administration is now someone else's responsibility.
Am I missing something?
Well, mailman2 passwords were always kind of a joke anyway, since you could reset it with your email address; if you're subscribed with a yahoo account and your yahoo password is compromised, they could log in.
But beyond that, security is relative to risk, and related to that, consequences of failure. What are the consequences here?
I read this as saying that you are agreeing that it is a security risk, but that what is being risked is of so little value that any compromise of security is not worthy of consideration. And that seems to make sense in this case.
I then think that Fedora is using all those other accounts as a sort of 'captcha' filter to prevent spam from getting to the list. Otherwise, why bother having any security at all to sign up for a mailing list? Just take the email address, send a confirmation, get a response, and bob's your uncle.
In fact, given that a spammer could set up their own openid server, there really isn't any security at all. I suppose the work of setting up and maintaining the server is a hurdle to prevent casual abuse.
On Thu, 20 Oct 2016 17:01:06 -0700 Rick Stevens ricks@alldigital.com wrote:
Not to my mind. SSO (single sign on) is, IMHO, a really bad thing. Yes, it's easier to administer because the authentication is being handled by someone else and you "don't have to be bothered". However, now your security is now ENTIRELY dependent on the security of that provider. If they're breached, YOU'RE breached. Relying on someone else to provide your security is, again IMHO, a truly idiotic thing to do.
Thanks, this was my reasoning as well. But Matthew has a point too, that for low value accounts the trade off might be worth it.
On Thu, Oct 20, 2016 at 4:43 PM, Antonio M antonio.montagnani@gmail.com wrote:
reed means just a mistyping for read....not difficult to understand.
I was just pulling your leg, Antonio. Since you answered a bit in a patronising tone I thought returning the kindness, but you know, all for laughs and stuff.
FC
On Thu, 20 Oct 2016 20:01:01 -0700 stan stanl-fedorauser@vfemail.net wrote:
I read this as saying that you are agreeing that it is a security risk, but that what is being risked is of so little value that any compromise of security is not worthy of consideration. And that seems to make sense in this case.
I then think that Fedora is using all those other accounts as a sort of 'captcha' filter to prevent spam from getting to the list. Otherwise, why bother having any security at all to sign up for a mailing list? Just take the email address, send a confirmation, get a response, and bob's your uncle.
Well, you may need to change your email address, change your options, post from the web interface or the like, and for that there needs to be a way to identify you as you.
In fact, given that a spammer could set up their own openid server, there really isn't any security at all. I suppose the work of setting up and maintaining the server is a hurdle to prevent casual abuse.
I think thats an odd way of looking at it. Spammers can (and do) sign up for accounts everywhere, which they could use to subscribe to the list and post, but I think most spam these days is looking for easy and volume, so thats too much trouble to bother with usually.
There also is security for each account... just as much security as the provider you choose to login with has. Personally, I would not trust yahoo at all, but I do trust Fedora. Its up to you which one you use.
kevin
On Fri, 21 Oct 2016 09:41:34 -0600 Kevin Fenzi kevin@scrye.com wrote:
Well, you may need to change your email address, change your options, post from the web interface or the like, and for that there needs to be a way to identify you as you.
Wouldn't it be easier to not allow changes? At subscription time, the list options are selected by the user. If the user wants to change them, they unsuscribe, and resubscribe with the new options they want. No need for any outside confirmation of who is subscribing.
I think thats an odd way of looking at it. Spammers can (and do) sign up for accounts everywhere, which they could use to subscribe to the list and post, but I think most spam these days is looking for easy and volume, so thats too much trouble to bother with usually.
I think email spam is a dying mode, probably because it gets so little response. Or maybe the tools to deal with it have become so good I rarely see it. Most of the spam I see now is on social media.
There also is security for each account... just as much security as the provider you choose to login with has. Personally, I would not trust yahoo at all, but I do trust Fedora. Its up to you which one you use.
I think I agree with Matthew that the account is low threat. So the level of security is not very important, except for the threat of spam to the list itself if it is compromised. Using a low trust account under that scenario makes sense.
I am totally bewildered now: I just wanted to interrupt delivery of mails for four weeks (going on a visit to India), wanted to edit my subscription correspondingly like I did for years. Couldn't log in to anything (trying my Google account). I choose to reset my password and received a password reset mail, telling me that my user name was kpschrage. But this user seems to be unknown, can't log in with the new password. What a mess ...
Am 21.10.2016 um 02:07 schrieb Matthew Miller:
On Thu, Oct 20, 2016 at 05:01:06PM -0700, Rick Stevens wrote:
Not to my mind. SSO (single sign on) is, IMHO, a really bad thing. Yes, it's easier to administer because the authentication is being handled by someone else and you "don't have to be bothered". However, now your security is now ENTIRELY dependent on the security of that provider. If they're breached, YOU'RE breached. Relying on someone else to provide your security is, again IMHO, a truly idiotic thing to do.
Note that with the options provided, you could use your *own* open identity provider.
--- Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft. https://www.avast.com/antivirus
On Mon, 24 Oct 2016 21:41:37 +0200 Klaus-Peter Schrage kpschrage@gmx.de wrote:
I am totally bewildered now: I just wanted to interrupt delivery of mails for four weeks (going on a visit to India), wanted to edit my subscription correspondingly like I did for years. Couldn't log in to anything (trying my Google account). I choose to reset my password and received a password reset mail, telling me that my user name was kpschrage. But this user seems to be unknown, can't log in with the new password. What a mess ...
It's not so bad. Just login with aany method (google account is fine), and then go to your profile and add the email address you use on the list. You will get a confirm email and then you can manage that email address in the interface.
kevin
Am 24.10.2016 um 22:14 schrieb Kevin Fenzi:
On Mon, 24 Oct 2016 21:41:37 +0200 Klaus-Peter Schrage kpschrage@gmx.de wrote:
I am totally bewildered now: I just wanted to interrupt delivery of mails for four weeks (going on a visit to India), wanted to edit my subscription correspondingly like I did for years. Couldn't log in to anything (trying my Google account). I choose to reset my password and received a password reset mail, telling me that my user name was kpschrage. But this user seems to be unknown, can't log in with the new password. What a mess ...
It's not so bad. Just login with aany method (google account is fine), and then go to your profile and add the email address you use on the list. You will get a confirm email and then you can manage that email address in the interface.
kevin
Thanks, Kevin, I somehow really succeeded in getting into a page where I could manage my subsciption as desired (change my delivery status). But this was more or less on trial and error based ...
--- Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft. https://www.avast.com/antivirus
-
Antonio M -
antonio montagnani -
Fernando Cassia -
Joe Zeff -
Kevin Fenzi -
Klaus-Peter Schrage -
Matthew Miller -
Patrick O'Callaghan -
Rick Stevens -
stan